package org.easymis.crm.config;

import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.easymis.crm.modules.system.filter.SysAccessControllerFilter;
import org.easymis.crm.modules.system.shiro.ShiroRealm;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
	   @Bean
	    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
	        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
	        shiroFilterFactoryBean.setSecurityManager(securityManager);

	        //拦截器.
	        Map<String,String> filterChainDefinitionMap = new LinkedHashMap<>();
	        // 配置不会被拦截的链接 顺序判断
	        filterChainDefinitionMap.put("/static/**", "anon");
	        filterChainDefinitionMap.put("/public/**", "anon");
	        filterChainDefinitionMap.put("/upload/**", "anon");
	        filterChainDefinitionMap.put("/plugins/**", "anon");
	        filterChainDefinitionMap.put("/code", "anon");
	        filterChainDefinitionMap.put("/login", "anon");
	        filterChainDefinitionMap.put("/logincheck", "anon");
	        filterChainDefinitionMap.put("/css/**", "anon");
	        filterChainDefinitionMap.put("/fonts/**", "anon");
	        filterChainDefinitionMap.put("/admin_files/**", "anon");
	        filterChainDefinitionMap.put("/js/**", "anon");
	        filterChainDefinitionMap.put("/common/**", "anon");
	        filterChainDefinitionMap.put("/images/**", "anon");
	        filterChainDefinitionMap.put("/defaultKaptcha", "anon");
	        filterChainDefinitionMap.put("/api/**", "anon");
		   	filterChainDefinitionMap.put("/airReport/**","anon");
		    filterChainDefinitionMap.put("/superset/**","anon");
		    filterChainDefinitionMap.put("/supersetDraw/**","anon");
	        filterChainDefinitionMap.put("/core/**", "anon");
	        filterChainDefinitionMap.put("/xnair/**", "anon");
	        filterChainDefinitionMap.put("/**", "authc");
	        
	        shiroFilterFactoryBean.setLoginUrl("/login");
	        shiroFilterFactoryBean.setSuccessUrl("/index");
	        shiroFilterFactoryBean.setUnauthorizedUrl("/login");
	        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
	        return shiroFilterFactoryBean;
	    }

	    @Bean
	    public ShiroRealm myShiroRealm(){
	        ShiroRealm myShiroRealm = new ShiroRealm();
	        return myShiroRealm;
	    }


	    @Bean
	    public SecurityManager securityManager(){
	        DefaultWebSecurityManager securityManager =  new DefaultWebSecurityManager();
	        securityManager.setRealm(myShiroRealm());
	        return securityManager;
	    }

	    /**
	     * 限制同一账号登录同时登录人数控制
	     * @return
	     */
	    public SysAccessControllerFilter kickoutSessionControlFilter(){
	        SysAccessControllerFilter filter = new SysAccessControllerFilter();
	        //使用cacheManager获取相应的cache来缓存用户登录的会话；用于保存用户—会话之间的关系的；
	        //这里我们还是用之前shiro使用的redisManager()实现的cacheManager()缓存管理
	        //也可以重新另写一个，重新配置缓存时间之类的自定义缓存属性
//	        filter.setCacheManager(cacheManager());
//	        //用于根据会话ID，获取会话进行踢出操作的；
//	        filter.setSessionManager(sessionManager());
	        //是否踢出后来登录的，默认是false；即后者登录的用户踢出前者登录的用户；踢出顺序。
	        filter.setKickoutAfter(false);
	        //同一个用户最大的会话数，默认1；比如2的意思是同一个用户允许最多同时两个人登录；
	        filter.setMaxSession(1);
	        //被踢出后重定向到的地址；
	        filter.setUrl("/login");
	        return filter;
	}
}
